joblib is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of pickle files in the read_array()
function within numpy_pickle.py
where pickle.load
is enabled by default. This allows an attacker to execute arbitrary code by loading a maliciously crafted pickle file.